From 8bc7ad4383452b2a3872aea3ef7c3eaef675af3b Mon Sep 17 00:00:00 2001 From: mensonge Date: Fri, 14 Nov 2008 14:38:55 +0000 Subject: Bug fix: correct XSS problems (prevent username with non-alphanumeric characters, protect profile page) git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@157 b3834d28-1941-0410-a4f8-b48e95affb8f --- services/userservice.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'services/userservice.php') diff --git a/services/userservice.php b/services/userservice.php index e50faaa..9b295da 100644 --- a/services/userservice.php +++ b/services/userservice.php @@ -393,8 +393,9 @@ class UserService { if (strlen($username) > 24) { // too long usernames are cut by database and may cause bugs when compared return false; - } else { - return true; + } elseif (preg_match('/(\W)/', $username) > 0) { + // forbidden non-alphanumeric characters + return false; } return true; } -- cgit v1.2.3